Metasploit Project - Metasploit Framework

The Metasploit Project is an open source project
that provides a public resource for researching security vulnerabilities and developing code that
allows a network administrator to break into his own network to identify security risks and
document which vulnerabilities need to be addressed first.

The Metasploit Project offers penetration (pen)
testing software and provides tools for automating the comparison of a program's vulnerability
and its repaired (patched) version.
Anti-forensic and advanced
evasion tools are also offered, some of them built into the Metasploit Framework.

Metasploit Framework, the Metasploit Project's best-known creation, is a software platform for
developing, testing, and executing exploits. It can be used to create security testing tools and
exploit modules and also as a penetration testing system. It was originally created as a portable
network tool in 2003 by HD Moore.

The Metasploit Project also offers Metasploit Express, Metasploit Pro, the Opcode Database
(currently out of date) and a shellcode database. Shellcode is a type of exploit code in
which bytecode is
inserted to accomplish a particular objective. Common shellcode objectives include adding a rootkit or performing a
reverse telnet back
to the attacker's machine. Metasploit also offers a payload database, allowing the pen tester to
mix and match exploit code and objectives.

In 2009, the Metasploit Project was acquired by computer security company Rapid7. Metasploit
Express and Metasploit Pro are "open core" versions of the Metasploit Framework, with more features
added. (Open core is an approach to delivering products that combine open source and proprietary
software.) Rapid7 continues to develop Metasploit in collaboration with the open source
commmunity.

Email Alerts

Register now to receive SearchSecurity.in-related news, tips and more, delivered to your inbox.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.

News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play app vetting.

Social engineering techniques have become increasingly sophisticated as more personal and corporate data is shared on the Internet, and traditional training techniques may not be enough to keep enterprises safe.

SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.